CONFIDENTIALITY, PHI, AND HIPAA

Presenter: Charles Henderson

HCA 459 Senior Project

Professor: Dr. Hwang-Ji Lu

August 4, 2016

Mha 690 week 1 discussion 2

WHAT PROTECTS PATIENT INFORMATION

Health Insurance Portability and Accountability Act (HIPAA)

• Privacy Rule

Protected Health Information (PHI)

Privacy Act

Health Information Technology for Economic and Clinical Health Act (HITECH)

HIPAA

There are five major components of HIPAA’s privacy rule, which are:

1. Boundaries. PHI may be disclosed for health purposes only, with very limited exceptions.

2. Security. PHI should not be distributed without patient authorization, unless there is a clear basis for doing so, and the individuals who receive the information must safeguard it.

3. Consumer control. Individuals are entitled to access and control their health records and are to be informed of the purposes for which information is being disclosed and used.

4. Accountability. Entities that improperly handle PHI can be charged under criminal law and punished and are subject to civil recourse as well.

5. Public responsibility. Individual interests must not override national priorities in public health, medical research, preventing health care

(Wager, Lee, Glaser, 2013, p. 89)

WHAT IS A VIOLATION

Bustillos (2013) says PHI under HIPAA protects the following 18 patient identifiers:

• Names
• All geographical subdivisions smaller than a state, including street address, city, county, precinct, zip code, etc.
• All elements of dates (except year) for dates directly related to an individual, including birth date, admission date, discharge date, date of death, and all ages over 89
• Phone numbers
• Fax numbers
• E-mail addresses
• Social Security numbers
• Medical record numbers
• Health plan beneficiary numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers, including license plate numbers
• Device identifiers and serial numbers
• Web addresses or universal resource locators (URLs)
• Internet protocol (IP) address numbers
• Biometric identifiers, including fingerprints and voiceprints
• Full face images and any comparable images
• Any other unique identifying number, characteristic, or code (with some narrow exceptions)

(5.2 Legal and Regulatory Landscape Affecting Privacy and Confidentiality)

POLICY AND ENFORCER

Code of Ethics

• Organizational Leadership

HIPAA, HITECH, Privacy Act

• Office for Civil Rights

CODE OF ETHICS

Positive Intentions

Maintain Patient Confidentiality

Accountability

100% Effort

Top Priority is always the patient

Team effort

PENALTIES

Local

• Termination of Employment

Nationally

• Fines and Prison Time

SPECIFIC PENALTIES

Organization

• A medical practice that fails to comply with HIPAA can face fines ranging from $100 to $50,000 per violation up to an annual maximum of $1.5 million, depending on the practice’s lack of reasonable diligence and the nature of harm resulting from the violation. In addition, criminal charges are possible for individuals or entities that knowingly obtain or disclose PHI, with penalties ranging from fines plus 1 to 10 years of imprisonment based on the misuse intent” (Cascardo, 2012, p. 338).

Individual

• According to Bustillos, possible consequences for the individual are a fine of $1,000 to an accumulated annual amount of $100,000 (5.2 Legal and Regulatory Landscape Affecting Privacy and Confidentiality).

• Prison Time

TRAINING

Create Strong Policy

Provide Thorough Education Annually

• HIPAA, Privacy Act, HITECH

• Code of Ethics

Testing

ADDITIONAL PRECAUTIONS

Patient information needs to be secure and only accessed by authorized individuals for justified purposes.

Implement Encryption Software for Medical Records

Develop levels of access

Monitor employee use and access of patient information

Inspect Patient Records and who has accessed them

TRAINING BENEFITS TO EMPLOYEES

Education

Builds Character

Develops a Professional Culture

Keeps the Organization, Employees, and Patients safe

REFERENCES

Bustillos, D. (2013). Understanding Health Care Ethics & Medical Law. San Diego: Bridgepoint Education, Inc.

Cascardo, D. (2012). What to Do Before the Office for Civil Rights Comes Knocking: Part 1. The Journal of Medical Practice Management: MPM, 27(6), 337-340. Retrieved from ProQuest

Fox News. (2008). Report: Over 120 UCLA hospital staff saw celebrity health records. Retrieved from http://www.foxnews.com/story/0,2933,398784,00.html

Wager, K. A., Lee, F. W., & Glaser, J. P. (2013). Health Care Information Systems: A practical approach for health care management (3rd ed.). San Francisco, CA: Jossey-Bass.